Contents

"Google Hacking" involves using advanced operators in the Google search engine to locate specific strings of text within search results. Some of the more popular examples are finding specific versions of vulnerable Web applications. A search query with intitle: admbook intitle: Fversion filetype: php would locate all web pages that have that particular text contained within them. It is normal for default installations of applications to include their running version in every page they serve, for example, "Powered by XOOPS 2.2.3 Final".

One can even retrieve the username and password list from Microsoft FrontPage servers by inputting the given microscript in Google search field:

Devices connected to the Internet can be found. A search string such as inurl: "ViewerFrame?Mode=" will find public web cameras.

Another useful search is following intitle: index.of followed by a search keyword. This can give a list of files on the servers. For example, intitle: index.of mp3 will give all the MP3 files available on various servers.

Google Hacking Diggity Project - Bishop Fox – a research and development initiative dedicated to investigating the latest techniques that leverage search engines (such as Google, Bing, and Shodan) to quickly identify vulnerable systems and sensitive data on public networks. An arsenal of free attack and defense tools related to search engine hacking are available for download.